Information Technology Services

Use of Shibboleth/UCTrust Authentication for UCOP Applications

August 25, 2009

POLICY STATEMENT

RE: Use of Shibboleth/UCTrust Authentication for UCOP Applications

The University has established an Authentication Federation, known as
UCTrust. Most campuses, as well as UCOP, have met certain standards in
order to join the UCTrust Federation. Members of this Federation are
allowed to use UCTrust authentication, which is based on Shibboleth,
for their respective memberships to access “Shibbolized” applications.
This policy sets forth guidelines for establishing “Shibbolized”
applications, i.e., applications at UCOP which can or do use
Shibboleth authentication as a means of providing user access to the
application.

The following chart defines the types of applications that should use Shibboleth Authentication. Not included are:

Public content-only sites, i.e., this policy only addresses
applications that are either transactional or provide content to
privileged users only – in short, those requiring a login for access.

MS Windows applications that are already tied into AD, e.g., Outlook.

This chart should be used by all UCOP departments in their
specification of requirements for the development or purchase of any
computer application.